Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Page 64: Identifying the RADIUS server to the Brocade device, Specifying different servers for individual AAA functions, RADIUS server per port
The config-radius parameter specifies the RADIUS configuration mode. RADIUS is disabled by
default.
The config-tacacs parameter specifies the TACACS configuration mode. TACACS is disabled by
default.
Identifying the RADIUS server to the Brocade device
To use a RADIUS server to authenticate access to a Brocade device, you must identify the server to
the Brocade device.
device(config)#radius-server host 10.157.22.99
Syntax: radius-server host { ip-addr | ipv6-addr | hostname } [ auth-port number ]
The host ip-addr | ipv6-addr | server-name parameter is either an IP address or an ASCII text string.
The auth-port parameter is the Authentication port number. The default is 1645.
The acct-port parameter is the Accounting port number. The default is 1646.
Specifying different servers for individual AAA functions
In a RADIUS configuration, you can designate a server to handle a specific AAA task. For example,
you can designate one RADIUS server to handle authorization and another RADIUS server to handle
accounting. You can specify individual servers for authentication and accounting, but not for
authorization. You can set the RADIUS key for each server.
To specify different RADIUS servers for authentication, authorization, and accounting, enter
commands such as the following.
device(config)#radius-server host 10.2.3.4 authentication-only key abc
device(config)#radius-server host 10.2.3.5 authorization-only key def
device(config)#radius-server host 10.2.3.6 accounting-only key ghi
Syntax: radius-server host { ip-addr | ipv6-addr | server-name } [ auth-port number ] [ acct-port
number ] [ authentication-only | authorization-only | accounting-only | default ] [ key { [ 0 | 2 ]
string } ]
The default parameter causes the server to be used for all AAA functions.
After authentication takes place, the server that performed the authentication is used for authorization
and accounting. If the authenticating server cannot perform the requested function, then the next
server in the configured list of servers is tried; this process repeats until a server that can perform the
requested function is found, or every server in the configured list has been tried.
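The selection rule above can be checked against a saved configuration before it is deployed. The following Python sketch is an added example, not part of the Brocade guide or any Brocade tool: it parses radius-server host lines and reports which server would handle each AAA function. The function names, the wrap-around reading of "next server", the choice of the first authentication-capable server, and the treatment of a line with no role keyword as default are assumptions.

```python
import re

FUNCTIONS = ("authentication", "authorization", "accounting")
HOST_RE = re.compile(r"^(?:\S+#)?\s*radius-server host (\S+)(.*)$")

# Constructed sample: the three commands shown in the section above.
SAMPLE = """\
device(config)#radius-server host 10.2.3.4 authentication-only key abc
device(config)#radius-server host 10.2.3.5 authorization-only key def
device(config)#radius-server host 10.2.3.6 accounting-only key ghi
"""

def parse_radius_hosts(config_text):
    """Return radius-server host entries in configured order (keys dropped)."""
    servers = []
    for line in config_text.splitlines():
        m = HOST_RE.match(line.strip())
        if not m:
            continue
        # Page defaults: ports 1645/1646. Assumption: no role keyword == default.
        entry = {"host": m.group(1), "auth_port": 1645, "acct_port": 1646,
                 "roles": set(FUNCTIONS)}
        tokens = m.group(2).split()
        for i, tok in enumerate(tokens):
            if tok == "key":
                break  # everything after "key" is secret material; ignore it
            if tok in ("auth-port", "acct-port") and i + 1 < len(tokens):
                entry[tok.replace("-", "_")] = int(tokens[i + 1])
            elif tok.endswith("-only") and tok[:-5] in FUNCTIONS:
                entry["roles"] = {tok[:-5]}
        servers.append(entry)
    return servers

def plan_aaa(servers):
    """Map each AAA function to the host that would serve it, or None."""
    # Assumption: the first listed server able to authenticate does so
    # (every server is treated as reachable).
    start = next((i for i, s in enumerate(servers)
                  if "authentication" in s["roles"]), None)
    # Assumption: "next server" wraps around the list until all were tried.
    order = servers[start:] + servers[:start] if start is not None else []
    return {fn: next((s["host"] for s in order if fn in s["roles"]), None)
            for fn in FUNCTIONS}

if __name__ == "__main__":
    for fn, host in plan_aaa(parse_radius_hosts(SAMPLE)).items():
        print(f"{fn:15} -> {host or 'NO CAPABLE SERVER'}")
```

A function that maps to no server means every configured server was tried and none is designated for it, which is worth catching before AAA is enabled on the device.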
RADIUS server per port
You can optionally configure a RADIUS server per port, indicating that it will be used only to
authenticate users on ports to which it is mapped. A RADIUS server that is not explicitly configured as
a RADIUS server per port is a global server, and can be used to authenticate users on ports to which
no RADIUS servers are mapped.
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03